JENKINS-66246

Credential handling should be more fine-grained


      Description

      We use:

      Jenkins 2.289.2

      Micro Focus Application Automation Plugin 6.9

       

      After installing your plugin, we are faced with a big security issue.

      In order to use the plugin, we are required to enter ALL the users and their passwords in the Jenkins Configure System screen.

       

      This causes us:

      1. The need to have administrative access to the Jenkins server to change/add/remove users.
      2. The need to have Jenkins administrative access to change a password for a user.
      3. A problem in which any user with access to the Jenkins server can choose any pre-defined user to access the ALM server (since it is configured at the server level, and not at the job level) - THIS IS THE SECURITY PROBLEM.

      I would expect you to use the credentials system embedded in the Jenkins server in order to be able to receive the credentials at the job/script level (like almost any other plugin).

      This way:

      1. Each user can only access the credentials he is allowed.
      2. Each user can add/change/remove credentials without Jenkins administrative privilege but only with credential privilege.
      3. Other users in the system are not exposed to credentials they are not allowed to see.

       

      I'm available to provide any needed information regarding this issue.

       


          Activity

          amidar Amit Dar created issue
          (Changes below are listed as Field: Original Value → New Value)
          radislav_berkovich radislav made changes
            Assignee: radislav [ JIRAUSER130913 ] → Dorin Bogdan [ JIRAUSER132181 ]
          danielbeck Daniel Beck made changes
            Summary: SECURITY BREACH - ability to use other user credentials → Credential handling should be more fine-grained
          danielbeck Daniel Beck made changes
            Priority: Critical [ 2 ] → Major [ 3 ]
          danielbeck Daniel Beck made changes
            Issue Type: Bug [ 1 ] → New Feature [ 2 ]
          dorin7bogdan Dorin Bogdan made changes
            Status: Open [ 1 ] → In Progress [ 3 ]
          dorin7bogdan Dorin Bogdan made changes
            Resolution: (empty) → Fixed [ 1 ]
            Status: In Progress [ 3 ] → Fixed but Unreleased [ 10203 ]
          hildaboth Hilda made changes
            Status: Fixed but Unreleased [ 10203 ] → Closed [ 6 ]

            People

            Assignee:
            dbogdan7 Dorin Bogdan
            Reporter:
            amidar Amit Dar
            Votes:
            0
            Watchers:
            6
